Use real-time caller authentication with Voice ID in Amazon Connect - Amazon Connect

Use real-time caller authentication with Voice ID in Amazon Connect

Tip

New user? Check out the Amazon Connect Voice ID Workshop. This online course guides you through how to setup and use the different features in Amazon Connect Voice ID.

Amazon Connect Voice ID provides real-time caller authentication and fraud risk detection which make voice interactions in contact centers more secure and efficient. Voice ID uses machine learning to verify the identity of genuine customers by analyzing a caller's unique voice characteristics. This allows contact centers to use an additional security layer that doesn't rely on the caller answering multiple security questions, and makes it easy to enroll and verify customers without changing the natural flow of their conversation. Voice ID also offers real-time detection of fraudsters who frequently target your contact center, thereby reducing losses due to fraud.

With Amazon Connect Voice ID you can:

  • Passively enroll customers for voice authentication without requiring them to repeat a particular word or phrase.

  • Migrate customers into Voice ID by enrolling them in batch.

  • Verify the enrolled customer's identity by analyzing their unique voice characteristics.

  • Detect fraudsters from a watchlist that you have created.

  • Detect voice spoofing.

How Voice ID works

Customer enrollment

  1. When a customer calls for the first time, the agent confirms the identity of the caller by using existing security measures, such as asking for mother's maiden name or a one-time passcode (OTP) delivered by SMS. This ensures that only genuine customers are enrolled in Voice ID.

  2. Voice ID starts listening to the customer's speech after the contact has encountered the Set Voice ID block, where Voice ID is enabled. Voice ID listens to the call until one of the following happens:

    • It gets enough audio to evaluate the speaker for authentication, fraud, and enroll the speaker (if requested). This is 30 seconds of customer speech, excluding silence.

    • The call ends.

  3. Voice ID then creates the enrollment voiceprint. A voiceprint is a mathematical representation that implicitly captures unique aspects of an individual's voice such as speech rhythm, pitch, intonation, and loudness.

    The caller does not need to say or repeat any specific phrases to enroll in Voice ID.

Customer authentication

  1. When the enrolled customer calls back in, they are verified through an interaction with an IVR, or during their interaction with an agent.

    By default Voice ID is configured to require 10 seconds of a caller's speech to authenticate, which can be done as part of a typical customer interaction in the IVR or with the agent (such as "what's your first and last name?" and "what are you calling about?"). You can adjust the amount of required speech using the Authentication response time property in the Set Voice ID block.

  2. Voice ID uses the audio to generate the caller's voiceprint and compares it with the enrolled voiceprint corresponding to the claimed identity, and returns an authentication result.

For more information about the agent's experience, see Enroll callers in Voice ID in the Contact Control Panel (CCP).

How much speech is needed for enrollment and authentication

  • Enrollment: 30 seconds of customer net speech (speech that excludes any silence) to create a voiceprint and enroll a customer.

  • Verification: By default, 10 seconds of customer net speech to verify that the voice belongs to the claimed identity. The speech can be from interacting with an IVR or an agent. You can adjust the amount of required speech using the Authentication response time property in the Set Voice ID.

Batch enrollment

You can get a jump start on using biometrics by batch enrolling customers who have already consented for biometrics. Using stored audio recordings in your S3 bucket, and a JSON input file that provides the speaker identifier and a link to the audio recordings, you can invoke the Voice ID batch APIs.

For more information, see Batch enrollment in Amazon Connect Voice ID using audio data from prior calls.

Known fraudster detection

There are a few steps to setting up the real-time detection of fraudsters:

  1. Create a new watchlist for storing known fraudsters. Or, use the default watchlist that is created when Voice ID is enabled.

  2. Register fraudsters to the new watchlist or the default watchlist.

  3. In the Set Voice ID block, specify which watchlist you want to use.

When one of the fraudsters from the watchlist that is specified in the flow calls your contact center, Voice ID analyzes the call audio to return a risk score and outcome. This score indicates how closely the caller's voiceprint matches that of the fraudster's in the watchlist. Voice ID requires 10 seconds of audio to evaluate the call audio for fraud risk from known fraudsters.

Default watchlist

When the Voice ID domain is created, Voice ID creates a default fraudster watchlist for that domain. The name and description of the default fraudster watchlist is encrypted using the KMS key that is provided in the domain and saved in Voice ID.

If you don't provide the fraudster watchlistId for fraud detection or fraudster registration, Voice ID uses the default fraudster watchlist.

You cannot update the metadata of the default fraudster watchlist, but you can associate or disassociate fraudsters from it.

Note

If your Voice ID domain was created before March 2023, when fraudster watchlists was launched: a default watchlist was created and all existing fraudsters have been placed in it.

Voice spoofing detection

  1. When a prospective fraudster tries to spoof caller audio using audio playback or synthesized speech, Voice ID returns a risk score and outcome to indicate the how likely it is that the voice is spoofed.

  2. Voice spoofing is only enabled when you enable the fraud detection feature in your contact flow. Voice spoofing scores are not returned when only speaker authentication is enabled.

  3. Voice ID requires 10 seconds of audio to evaluate the call audio for fraud risk from voice spoofing.

What data is stored?

Voice ID stores audio files of the speaker's voice, voiceprints, and speaker identifiers. This data is encrypted using a KMS key that you provide.

If you enable detection of fraudsters in a watchlist, Voice ID also stores the fraudster audio and voiceprints. For more information, see Data handled by Amazon Connect.